Iran's nuclear program seems to have been the prime target of one of the Internet's most renowned malworms, Stuxnet. Believed, but never demonstrated, to be the creation of a nation state (with the United States and Israel the heavily favored suspects), Stuxnet was brilliantly designed selectively to target the Siemens cyber-systems used in Iran's nuclear processing.
Admittedly, Siemens SCADA systems used elsewhere were also hit, but those in Iran sustained the most damage by far. This hardly leads anyone to scream "Coincidence!" when Iran turns out to be the target of an even more refined cyberweapon, Flame.
As with Stuxnet, we have Moscow's Kaspersky Lab to thank for first flushing out and describing this new threat. Described by a Kaspersky expert as possibly "the most sophisticated cyber weapon yet unleashed," Flame's main purpose seems to be information theft rather than destruction.
What it shares in common with Stuxnet, according to Kaspersky, is the exploitation of very specific software vulnerabilities, and -- yes -- the geographical trajectory of its targeting, well illustrated by this Kaspersky map:
Again, the focus on Iran is more than striking.
Characterised as a "huge package of modules," Flame can replicate on removeable media as well as local networks. Once introduced:
Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on. All this data is available to the operators through the link to Flame's command-and-control servers.
The ability to record audio is innovative, as is the ability to take screenshots when specific applications are run. Kaspersky is certain, both from the complexity of the toolkit, and the attack vectors, that a nation state is responsible for Flame's creation and release.
Which gets us somewhere or nowhere, depending on how you look at it. For all security expert Richard Clarke's vaunted certainty that the United States was behind Stuxnet, there remains a startling lack of hard evidence. If Flame is indeed the work of a nation state, it's again hard to imagine a more likely culprit than the States, with or without the involvement of Israel. Why would China be so deeply engaged in cyberespionage in the Middle East?
But in this game of smoke and mirrors, who knows? There is, however, a deeper reason for concern -- if you need one. It seems likely that Flame had been in the wild for as much as two to three years before Kaspersky discovered it. What's more, there are multiple variants out there, currently active.
Which brings us to the inevitable question: What other, possibly more sophisticated attack kits are roaming the Internet, as yet unknown to us? Panic mongering? The rule, when it comes to cybersecurity, seems to be that things are always worse than you think they are.
At the same time, has a large scale top secret program with any public results ever remained hidden for long? It seems that the Us government isn't actually that good at secrecy for anything of this scale - and I'm glad. I'd hate to think that the government could do something illegal or immoral and get away with it. (The best conspiracies are the ones we don't know about, natch.)
Of course, then we have the two top secret spy satelites that the military is giving to NASA, which makes me think that there is some level of government competency in keeping things away from the public - not that no-one has mentioned the size of the non-civilian space program before.
FBI is now probing the leak of the story to the Times. Reporter David Sanger's book -- of which the article is an excerpt -- comes out this week: Confront and Conceal. I imagine the Feds will be paying him a visit.
I've been thinking about this a lot. Did Obama start or declare a war? Doesn't this imply that the president has violated the War Powers Resolution?
I'm not sure how this will play out, but I think we need to consider it as a nation. If we attacked Iran, we should be prepared for the consequences. And even if we didn't, is it then justifiable for them to try to take out our power grid or phone system via a similar attack?
Yes, a remarkable piece of reporting in the Times, David. It seems the confirmation comes from sources who wish to remain anonymous, but if the Times has multiple sources, it's certainly justified in publishing the story.
Not sure why they didn't go with a headline specifically about Stuxnet: it's pretty significant that it's now being attributed to the States, especially given the Pentagon's position that a cyberattack is equivalent to a conventional "act of war."
But Kaspersky isn't the only heavy-weight in the security field, nor are they the biggest. I mean why didn't IBM ISS find it? They are probably the biggest when it comes to security and research labs. The payload had to come from somewhere... it had to be delivered somehow...
5 years is the upper limits of an equipment refresh... is it possible that the equipment was infected at the factory?
Great blog and great analyses. I agree with you Jason Mick, that Israel and the US support is a likely candidate. I believe the whole goal is pure "espionage" in the old fashioned form - information gathering.
But I fully support yours and Sec Tech's supposition that Russia is a suspicious player, particularly in "discovering" Flame.
Sooner or later there was bound to be something worse than StuxNet. But then the questions arise that don't seem to have answers - at least not any that have come to light.
For instance:
Does anyone not find it kind of suspect that the US is the percieved culprit considering the area that's been targeted? To my way of thinking, the fact that there have been two major 'worms' attacking that region that the world would attribute to the US is suspicious. While I'm not denying that the US could/would gain a lot by doing that, I can think of a few countries that could/would gain more by putting the US in a bad (okay, worse than usual) light and destroy trust and good will. Who has the most to gain with the conintued instability and possible deterioration of the stability in the Middle East? Who has the most to gain if the US becomes isolated due to distrust engendered by the belief that the US would stoop to such heinous actions?
Why is it that Russian Kaspersky Labs 'discovered' both StuxNet and Flame? I find that highly suspicious. Does anyone else? Why did no other security think tank or security company have any awareness of either until after Kaspersky made the announcements?
Just some things to think about since I don't think the 'creators' will ever stand up and admit to their involvement.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Edward Snowden was so convinced that the Prism program involved secretive surveillance through Internet backdoors that he walked out on his job and his girlfriend, spoke to the media, and resigned himself to jail, or worse. It turns out, he might just be wrong.
In one of the nastiest -- not to mention large scale and long-term -- hacking exploits yet to be reported, it appears that the Chinese army has been rummaging through the data of those who have served in the US Armed Forces.
ASA Risk Consultants added its voice this week to the slowly growing chorus of voices demanding a coordinated international response to cyberattacks. In a research note circulated by IDG, ASA asserts that "nations will need to come to an agreement on how cyber warfare should be handled."
Extending existing US wiretap laws to give federal agencies easier backdoor access to Internet communications -- especially real-time P2P services like VoIP -- will give, not only aid and comfort, but also technical assistance, to the country's enemies. Not to mention cyberthieves.
Sean Smith, a US Foreign Service IT manager, gave his life in service of his country and the world. His life and death are a humbling example for all of us who work in IT.
US counterterrorism expert Richard Clarke, who came to prominence with his prescient warnings before the 9/11 attacks, tells Smithsonian Magazine the US was responsible for the Stuxnet supersmart worm that attacked parts of nuclear reactors in Iran – and in the process, has given away one of the world's most sophisticated cyberweapons.
Law enforcement agencies are poised to use iPhones as facial recognition systems in the coming months. The technical advance promises efficiency but has created a backlash among civil liberties proponents.
Cyber Warfare may be the next frontier for tactical hacking. It has already reared its head in Estonia, Russia, and Georgia, and some say it has been used by North Korea, China, and other world powers. The implications and the potential are both fascinating and scary.
The FBI recently issued a warning to smartphone users, highlighting two mobile malware applications: Loozfan, which steals personal information, and FinFisher, which is spyware that takes over a smartphone's functions.
It wouldn't be the first time, but a group of Chinese engineers has proposed a means by which the Internet's root could be split, enabling secondary, independent networks that could be government-controlled. The Internet's root security committee is taking such proposals seriously.
Big-data and analytics tools enable marketers to understand customers as individuals, identifying unmet needs and addressing each customer as a "segment of one," says John Kennedy, VP corporate marketing, IBM.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The IBM Smarter Commerce Global Summit in Monaco kicked into high gear today, and we've already begun to see news emerging from that lovely city-state by the sea.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
